Merge branch 'master' into openssh-checker

terriko · web-flow · commit 58d31bb379ba · 2019-10-29T12:05:52.000+01:00
diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
@@ -18,4 +18,5 @@
     "kerberos",
     "icu",
     "openssh",
+    "bluez",
 ]
diff --git a/cve_bin_tool/checkers/bluez.py b/cve_bin_tool/checkers/bluez.py
@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+"""
+CVE checker for Bluez
+References:
+https://www.cvedetails.com/vulnerability-list/vendor_id-8316/product_id-35116/Bluez-Bluez.html
+
+"""
+from ..util import regex_find
+
+
+def get_version(lines, filename):
+    """Bluetoothctl will work for Version 5.0+
+
+       VPkg: bluez, bluez
+    """
+    regex = [r"bluetoothctl: ([5]+\.[0-9]+\.[0-9]+)"]
+    version_info = dict()
+    if filename[::-1].startswith(("bluetoothctl")[::-1]):
+        version_info["is_or_contains"] = "is"
+
+    if "is_or_contains" in version_info:
+        version_info["modulename"] = "bluetoothctl"
+        version_info["version"] = regex_find(lines, *regex)
+    elif "libbluetooth.so" in filename:
+        version_info["is_or_contains"] = "is"
+
+    return version_info
diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py
@@ -122,7 +122,7 @@ def get_cves(self, vendor_package_pairs, vers):
 
         for i in range(len(vendor_package_pairs)):
             vendor_package_pairs[i] = tuple(vendor_package_pairs[i])[:2] + (
-                "%" + vers + "%",
+                "%" + str(vers) + "%",
             )
 
         # here we don't need to grab all of the versions
@@ -195,7 +195,7 @@ def scan_file(self, filename):
                 if self.verbose:
                     print(filename, result["is_or_contains"], modulename, version)
                     if found_cves.keys():
-                        print("Known CVEs in version " + version)
+                        print("Known CVEs in version " + str(version))
                         print(", ".join(found_cves.keys()))
 
         self.logger.debug("Done scanning file: %r", filename)
@@ -418,7 +418,7 @@ def main(argv=sys.argv, outfile=sys.stdout):
             if (not args.quiet) and scanner.files_with_cve > 0:
                 affected_string = ", ".join(
                     map(
-                        lambda module_version: " ".join(module_version),
+                        lambda module_version: " ".join(str(module_version)),
                         scanner.affected(),
                     )
                 )
diff --git a/test/test_scanner.py b/test/test_scanner.py
@@ -196,15 +196,14 @@ def test_expat_2_0_1(self):
                 "CVE-2012-0876",
                 # Check for other issues from more recent versions
                 # 2.1
-                "CVE-2016-0718",
                 # "CVE-2016-4472",
                 # "CVE-2016-5300",
                 # "CVE-2012-6702",
                 # "CVE-2015-1283",
                 # 2.2
                 # "CVE-2017-9233",
                 # "CVE-2016-9063",
-                "CVE-2016-0718",
+                # "CVE-2016-0718", Changed in nvd1.1 to not be caught
                 # "CVE-2017-11742",
             ],
             ["CVE-blahblah"],
@@ -225,7 +224,7 @@ def test_expat_deb_2_2_0(self):
         """ Test detection of expat 2.2 debian package """
         self._file_test(
             "http://http.us.debian.org/debian/pool/main/e/expat/",
-            "libexpat1_2.2.0-2+deb9u1_amd64.deb",
+            "libexpat1_2.2.0-2+deb9u3_amd64.deb",
             "expat",
             "2.2.0",
         )
@@ -263,7 +262,11 @@ def test_kerberos_1_15_1(self):
             "test-kerberos-5-1.15.1.out",
             "kerberos",
             "5-1.15.1",
-            ["CVE-2017-11462", "CVE-2017-11368", "CVE-2018-5730"],
+            [
+                "CVE-2017-11462",
+                "CVE-2017-11368",
+                # "CVE-2018-5730" affected by bug #1
+            ],
             ["CVE-2019-3823"],
         )
 
@@ -272,7 +275,7 @@ def test_kerberos_rpm_1_15_1(self):
         """ Test detection of krb5-libs (kerberos libraries) from Centos """
         self._file_test(
             "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
-            "krb5-libs-1.15.1-34.el7.i686.rpm",
+            "krb5-libs-1.15.1-37.el7_6.i686.rpm",
             "kerberos",
             "1.15.1",
         )
@@ -555,7 +558,7 @@ def test_systemd_rpm_219(self):
         """ test detection of a systemd 219 rpm from centos 7 """
         self._file_test(
             "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
-            "systemd-219-62.el7.x86_64.rpm",
+            "systemd-219-67.el7.x86_64.rpm",
             "systemd",
             "219",
         )

Original file line number	Diff line number	Diff line change
`@@ -18,4 +18,5 @@`
`18`	`18`	`"kerberos",`
`19`	`19`	`"icu",`
`20`	`20`	`"openssh",`
	`21`	`+ "bluez",`
`21`	`22`	`]`